dub

dub copied to clipboard

This is a test. When NextAuth.js v5 is final, the imports will stay the same as before, but for now, the imports are from @auth/nextjs.

Based on https://auth-docs-git-feat-nextjs-auth-authjs.vercel.app/guides/upgrade-to-v5

New dependency changes detected. Learn more about Socket for GitHub ↗︎

---

🚨 Potential security issues found in this pull request. To accept the risk, merge this PR and you will not be notified again.

Bot Commands

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of package-name@version specifiers. e.g. @SocketSecurity ignore [email protected] bar@* or ignore all packages with @SocketSecurity ignore-all

• @SocketSecurity ignore [email protected]

📜 Install scripts

Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts.

Packages should not be running non-essential scripts during install and there are often solutions to problems people solve with install scripts that can be run at publish time instead.

Package	Script field	Source
[email protected] (added)	postinstall	package.json, pnpm-lock.yaml

Pull request alert summary

Issue	Status
Install scripts	⚠️ 1 issue
Native code	✅ 0 issues
Bin script shell injection	✅ 0 issues
Unresolved require	✅ 0 issues
Invalid package.json	✅ 0 issues
HTTP dependency	✅ 0 issues
Git dependency	✅ 0 issues
Potential typo squat	✅ 0 issues
Known Malware	✅ 0 issues
Telemetry	✅ 0 issues
Protestware/Troll package	✅ 0 issues

---

📊 Modified Dependency Overview:

➕ Added Package	Capability Access	+/- Transitive Count	Publisher
[email protected]	None	+76	schickling
[email protected]	None	+0	ai

⬆️ Updated Package	Version Diff	Added Capability Access	+/- Transitive Count	Publisher
@splinetool/[email protected]	0.9.146...0.9.347	None	+1/-0	alelepd
[email protected]	9.1.2...9.6.7	network, filesystem, shell	+0/-1	gar
@upstash/[email protected]	0.3.0...0.3.6	None	+0/-0	chronark
@stripe/[email protected]	1.44.1...1.54.0	None	+0/-0	pololi-stripe
[email protected]	4.6.1...4.15.0	network, filesystem, environment	+1/-0	prismabot
[email protected]	4.9.3...4.9.5	None	+0/-0	typescript-bot
@visx/[email protected]	2.6.0...2.17.0	None	+3/-3	christopher.card.williams
@types/[email protected]	1.1.2...1.2.0	None	+0/-0	types
@vercel/[email protected]	1.0.0...1.0.1	None	+0/-0	vercel-release-bot
[email protected]	1.36.4...1.37.0	None	+0/-52	cloudinary
@upstash/[email protected]	1.18.0...1.20.6	None	+1/-4	chronark
[email protected]	6.1.4...6.1.5	None	+2/-2	taoqf
@vercel/[email protected]	0.1.0-canary.15...0.1.11	None	+1/-0	vercel-release-bot
[email protected]	2.8.0...2.8.8	None	+0/-0	prettier-bot
@upstash/[email protected]	0.3.6...0.3.10	None	+3/-27	mdogan
@vercel/[email protected]	0.3.1...0.3.4	None	+0/-0	vercel-release-bot

🚮 Removed packages: @next-auth/[email protected], @prisma/[email protected], @radix-ui/[email protected], @radix-ui/[email protected], @radix-ui/[email protected], @radix-ui/[email protected], @radix-ui/[email protected], @radix-ui/[email protected], @splinetool/[email protected], @stitches/[email protected], @tailwindcss/[email protected], @tailwindcss/[email protected], @trivago/[email protected], @visx/[email protected], @visx/[email protected], @visx/[email protected], @visx/[email protected], @visx/[email protected], @visx/[email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected]

Taking a quick look at this now – why were there so many removed packages @balazsorban44? A lot of them don't seem related to the Auth.js upgrade